mirror of
https://github.com/sshuttle/sshuttle.git
synced 2025-07-04 16:50:34 +02:00
Compare commits
2 Commits
Author | SHA1 | Date | |
---|---|---|---|
5ce4e8c409 | |||
934fac9d6c |
2
.github/workflows/pythonpackage.yml
vendored
@ -25,7 +25,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
python-version: ${{ matrix.python-version }}
|
python-version: ${{ matrix.python-version }}
|
||||||
- name: Install uv
|
- name: Install uv
|
||||||
uses: astral-sh/setup-uv@v5
|
uses: astral-sh/setup-uv@v6
|
||||||
with:
|
with:
|
||||||
version: "0.4.30"
|
version: "0.4.30"
|
||||||
enable-cache: true
|
enable-cache: true
|
||||||
|
2
.github/workflows/release-please.yml
vendored
@ -34,7 +34,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
python-version: 3.12
|
python-version: 3.12
|
||||||
- name: Install uv
|
- name: Install uv
|
||||||
uses: astral-sh/setup-uv@v5
|
uses: astral-sh/setup-uv@v6
|
||||||
with:
|
with:
|
||||||
version: "0.4.30"
|
version: "0.4.30"
|
||||||
enable-cache: true
|
enable-cache: true
|
||||||
|
@ -5,7 +5,15 @@ from uuid import uuid4
|
|||||||
|
|
||||||
|
|
||||||
def build_config(user_name):
|
def build_config(user_name):
|
||||||
template = '''
|
"""Generates a sudoers configuration to allow passwordless execution of sshuttle."""
|
||||||
|
|
||||||
|
argv0 = os.path.abspath(sys.argv[0])
|
||||||
|
is_python_script = argv0.endswith('.py')
|
||||||
|
executable = f"{sys.executable} {argv0}" if is_python_script else argv0
|
||||||
|
dist_packages = os.path.dirname(os.path.abspath(__file__))
|
||||||
|
cmd_alias = f"SSHUTTLE{uuid4().hex[-3:].upper()}"
|
||||||
|
|
||||||
|
template = f"""
|
||||||
# WARNING: If you intend to restrict a user to only running the
|
# WARNING: If you intend to restrict a user to only running the
|
||||||
# sshuttle command as root, THIS CONFIGURATION IS INSECURE.
|
# sshuttle command as root, THIS CONFIGURATION IS INSECURE.
|
||||||
# When a user can run sshuttle as root (with or without a password),
|
# When a user can run sshuttle as root (with or without a password),
|
||||||
@ -16,27 +24,18 @@ def build_config(user_name):
|
|||||||
# sshuttle without needing to enter a sudo password. To use this
|
# sshuttle without needing to enter a sudo password. To use this
|
||||||
# configuration, run 'visudo /etc/sudoers.d/sshuttle_auto' as root and
|
# configuration, run 'visudo /etc/sudoers.d/sshuttle_auto' as root and
|
||||||
# paste this text into the editor that it opens. If you want to give
|
# paste this text into the editor that it opens. If you want to give
|
||||||
# multiple users these privileges, you may wish to use use different
|
# multiple users these privileges, you may wish to use different
|
||||||
# filenames for each one (i.e., /etc/sudoers.d/sshuttle_auto_john).
|
# filenames for each one (i.e., /etc/sudoers.d/sshuttle_auto_john).
|
||||||
|
|
||||||
# This configuration was initially generated by the
|
# This configuration was initially generated by the
|
||||||
# 'sshuttle --sudoers-no-modify' command.
|
# 'sshuttle --sudoers-no-modify' command.
|
||||||
|
|
||||||
Cmnd_Alias %(ca)s = /usr/bin/env PYTHONPATH=%(dist_packages)s %(py)s %(path)s *
|
Cmnd_Alias {cmd_alias} = /usr/bin/env PYTHONPATH={dist_packages} {executable} *
|
||||||
|
|
||||||
%(user_name)s ALL=NOPASSWD: %(ca)s
|
{user_name} ALL=NOPASSWD: {cmd_alias}
|
||||||
'''
|
"""
|
||||||
|
|
||||||
content = template % {
|
return template
|
||||||
# randomize command alias to avoid collisions
|
|
||||||
'ca': 'SSHUTTLE%(num)s' % {'num': uuid4().hex[-3:].upper()},
|
|
||||||
'dist_packages': os.path.dirname(os.path.abspath(__file__))[:-9],
|
|
||||||
'py': sys.executable,
|
|
||||||
'path': sys.argv[0],
|
|
||||||
'user_name': user_name,
|
|
||||||
}
|
|
||||||
|
|
||||||
return content
|
|
||||||
|
|
||||||
|
|
||||||
def sudoers(user_name=None):
|
def sudoers(user_name=None):
|
||||||
|
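Review bot: The new `dist_packages = os.path.dirname(os.path.abspath(__file__))` drops the `[:-9]` slice that the removed code applied, so the generated `PYTHONPATH=` now names the package directory itself rather than its parent. sudo matches a Cmnd_Alias against the exact command line, so if the client still passes the parent directory (its invocation is not visible on this page) the NOPASSWD rule would stop matching and users would get a password prompt again. If the old value is still wanted, `dist_packages = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))` gives it without the magic number; if the change is deliberate, it deserves a comment. Separately, `user_name`, `dist_packages` and `executable` are formatted into the rule unescaped, and a space, comma, colon or newline in any of them changes how sudoers parses the line, so build_config should reject or backslash-escape such values before building the template. The middle of the template lies between the two hunks and is not shown here.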